Wireshark · Wireshark-users: [Wireshark-users] Wireshark time behind the actual time

Wireshark-users: [Wireshark-users] Wireshark time behind the actual time

From: Gary Chaulklin <garychaulklin@xxxxxxxxx>

Date: Fri, 20 Aug 2010 04:09:04 -0700 (PDT)

I am working with an employee in a remote location. I am getting him to run FiddlerCap and Wireshark to get plain text and packet level traces to troubleshoot an issue.

The FiddlerCap trace matched the users experience in terms of watching the clock on the PC, but Wireshark is about 20 seconds behind the actual time. As the trace goes on the time of the Wireshark packets gets more behind the actual time so that by the end of a 5 minute trace it is over 60 seconds behind. The FiddlerCap trace which records timings to the millisecond always seems to be correct.

Any ideas as to why the Wireshark time would be behind the actual time for this remote user? I have worked with dozens of users over a period of several years with first Ethereal then Wireshark and have never seen this particular issue.

The remote user and I run the same Windows XP Professional PCs. So I don't know of anything unique about the remote users PC or software.

Follow-Ups:
- Re: [Wireshark-users] Wireshark time behind the actual time
  - From: Guy Harris

Prev by Date: [Wireshark-users] SSH decode
Next by Date: Re: [Wireshark-users] SSH decode
Previous by thread: Re: [Wireshark-users] SSH decode
Next by thread: Re: [Wireshark-users] Wireshark time behind the actual time
Index(es):
- Date
- Thread